menu

About SSL-VPN

SSL-VPN provides "Network Access" service.

"Network Access" is to access campus network even when you are outside JAIST.

Introduction

The SSL-VPN gateway system is the following.

 

 SSL-VPN

 

The system for issuing the certificate changed in April 2016.

 

Characteristics and precautions for using BigIP-APM.

  • It is compatible with Windows and some tablet computers.
    It is NOT compatible with 64bit browsers.
    Google Chrome browser is NOT supported after January 2015.
    Default setting of Firefox43 or later has changed and configuration is required.
  • Client app (F5 Edge Client) is required for iOS6,7,8,9, or Android4,5.
  • Login screen will not be displayed if you use the browser did not import the digital certificate.
  • Disable IPv6 if you can not access the server which is inside JAIST after establishing the SSL-VPN connection.
  • TLS protocol is required, SSL2.0 and SSL3.0 are NOT accepted.

Requirements

SSL-VPN, BigIP-APM supports the following devices as at Nov. 2018.

-Supported Windows OS: 
  Windows 10 (32bit or 64bit version)  # Windows 7, 8.1 is not supported
-Supported browsers for Windows:
  InternetExplorer 11
  Firefox
  Chrome
  Edge
 
-Supported Apple OS:
  Apple OS X/MacOS 10.12, 10.13 or 10.14
-Supported browsers for Apple OS:
  Firefox
  Safari 11.x or 12.x
  Chrome

-Supported Linux:
  64bit x86_64 Linux # 32bit Linux is not supported.
-Supported browsers for Linux:
  Firefox
  Chrome

-Supported mobile devices:
  Apple iOS 12.x or 13.x
  Apple iPadOS 13.x

  Android 4.x to 10.x
-Supported browsers for movile device:

none.
please install F5 Access through the App Store.

 

 

Steps by step instuctions

Do either of the following settings.
Register the following site in your browser as a trusted site

SSL-VPN


Or enable "ActiveX/JAVA plug-ins". ActiveX control should be active
on Windows, and "JAVA plug-ins" on other systems.
Install your digital certificate into your browser.
JAIST Digital certificate can be obtained from the following link.

Digital Certificate

How to use (PC)

  1. Access the SSL-VPN site (https://vpn.jaist.ac.jp/) from your browser. A window to select a digital certificate will appear. Select your JAIST digital certificate. Then enter your JAIST account and password to log in.
    The log in screen will not be displayed if you don't install your digital certificate.
  2. Enter your username and password to login to SSL-VPN.
    The same username and password which you use for JAIST mail.
  3. After login, click jaist-vpn1 or jaist-vpn2 to establish the SSL-VPN connection.
    If it is the first time you use the gateway, a plugin installation will be required. Please install it as instructed.
  4. A small window will be appear when the SSL-VPN connection is established.
  5. Leave the small window open as long as you are using the SSL-VPN connection.

Notice:

  • If the Digital Certificate is not installed, the log-in window will be not shown.

Contents:

  • Application, Link
    • Manual, documents are here
  • Network Access
    • Link to the SSL-VPN gateway
      With SSL-VPN connection, you can access the campus network even when you are outside.
    • (WEB, SSH, FTP, Gakumu-system and other JAIST inside contents will be available.)
  • SSL-VPN provides both jaist-vpn1 and jaist-vpn2 connections.
    • The difference is the route used for accessing an off-campus serve. There is no difference in access to inside JAIST resources
    • If you are using the service for the first time from that machine, you will be prompted to install a plug-in so please install according to the instructions.
    • When you click on jaist-vpn 1 or jaist-vpn 2, a small window will be displayed.。
      • Please do not close the window as long as the SSL-VPN connection is in use. (When you close it, SSL-VPN connection will be disconnected).

How to use (Smartphone or Tablet PC)

  1. Client application, "F5 Access" is required. Download it. (first time only)
  2. Install your digital certificate from JAIST into your device.
  3. Start "F5 Access."
  4. Configure SSL-VPN connection. (first time only)
    • Server: vpn.jaist.ac.jp
    • Web logon: OFF
    • Use digital certificate:  ON
    • Certificate:  Select your digital certificate from JAIST
    • Username:  same as your username for JAIST mail
    • Password:  same as your password for JAIST mail
    • On demand connection: OFF

  5. Push [ Connect ] to establish the SSL-VPN connection.


This example is for iOS. Other devices are similar to the above.

How to use (Linux PC)

If you are using a Linux environment, please install the following plugin:

 

(In case installing the plugin directly from inside the Firefox browser failed) Type "about:addons" in the URL bar of Firefox to display a list of the installed add-ons. Remove the extension "F5 Networks Host Plugin" and restart Firefox.

 

  1. Connect and login to the SSL-VPN service using Firefox.
    You will be prompted to install the add-on, please refuse the request.
    Choose "Click here to download" in the "Downloading and installing software manually" section
    Save the tar file "linux_sslvpn.tgz".
    # It is recommended to create a working directory in advance and save it there.
  2. Please close Firefox.
    Launch the terminal and move to the saved location of "linux_sslvpn.tgz".
    Please execute installation with one of the following methods:
    【Installation as root】
    # su -
    # tar linux_sslvpn.tgz
    # ./Install.sh

    【Install using sudo】
    # tar linux_sslvpn.tgz
    # sudo ./Install.sh

    Please accept all the confirmations during installation "yes" and/or "enter".
    ======================================================================
    Would you like to install/update svpn components (yes/no)? yes Would you like to install/update CLI Client (yes/no)? yes
    =======================================================================
  3. Start Firefox, connect to the SSL-VPN service again, and log in.
    You will be asked to install add-on again, please install again and restart the browser.

What is the differences from the previous fep connection?

The main differences from the previous service of dialup connection via (fep) server are:

 

  • Before there was no distinction between inside and outside campus traffic.
  • Now all services are available from the browser.
    All traffic is encrypted HTTPS.
  • The new service can be used with simple preparation without the need for additional applications.

How to access your home directory from outside JAIST

Using the SSL-VPN connection, you can access to the data in your home directory when you are outside JAIST network

After logging into SSL-VPN server, click ether "jaist vpn1" or "jaist vpn2."

A small window of "Network Access" will appear.

The dialogue box will ask whether you want to install the F5 Networks plugin/addon, click "Install."

Next, if a message "Status: Network Access Connection successfully established" is displayed in the window, it means that the connection between your computer and JAIST network was established and you can access to the computers and servers in JAIST network.

------

As a reference, one example of how to access to your home directory from your computer is shown in the following link.


Access home directory from personal computers

How to use SSL-VPN on your iOS12 devices

Refer to the following manual to use SSL-VPN connection on your iOS12 devices.

 

Manual in Japanese (PDF)

Manual in English (PDF)